MediaWiki is a set of web-based wiki engines from the U.S. Wikimedia (MediaWiki) Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and earlier, which stems from a SemanticDrilldown extension that allows SQL injection using specific “-” and “_”. An attacker could exploit this vulnerability to conduct SQL injection attacks.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki mediawiki | le | 1.37.2 |